Description
Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Remediation
References
https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1741
http://www.openwall.com/lists/oss-security/2020/03/25/2
Related Vulnerabilities
CVE-2016-3725 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-42795 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2014-9635 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-21208 Vulnerability in npm package node-opcua
CVE-2023-45135 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-war